# Alerts ## Device alerts The Alerts section allows you to set up alerts for a device. Alerts are sent by email to the email address of the logged in user. ![Device alerts](https://3649415055-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FWc1Xp1HIov409xra1MoW%2Fuploads%2FmplSs0mOzke4CjZuLsTV%2FCapture%20d%E2%80%99e%CC%81cran%202023-04-27%20a%CC%80%2016.09.44.png?alt=media\&token=45c8fdde-5dcc-46b3-8f11-5c40bc4579f2) ## Types of alerts ### Cyberweather alert #### When the level changes Every hour, the cyber weather level of the day is evaluated. If it has increased compared to the last assessment, an alert is sent. #### Daily cyberweather report The report is an alert that is sent out every day with the previous day's cyber weather. The alert is triggered every day at the first hour (local time of the device). ### Flow alerts #### Toxic flows The toxic flow alert is triggered when **flows** with one or more toxic **IP addresses** have been reported by the device. This is done every hour. #### Suspect flows The Suspicious Flow Alert is triggered when **flows to one or more IP addresses** in the [Suspicious Remote IP Addresses](https://docs.serenicity.fr/control/english/devices/dashboard-dun-appareil/parametres/ip-filtering) list are reported by the device. {% hint style="info" %} If no IP address is configured in the list, then no alert will be sent. {% endhint %} #### *Critical flows (discontinued)* *The critical flow alert is triggered when **flows with one or more toxic IP addresses with a critical threat** are brought up by the device.* This alert has been deleted. You can use advanced alerts by selecting the type(s) of threat for which an alert should be triggered. ### Bandwidth alert If a **single endpoint** on the network generates **more than 40% of the network flows within an hour**, then a bandwidth alert will be sent. {% hint style="warning" %} Using this alert for a supervised network with very few endpoints is not recommended. *If only one endpoint is present, then it will use 100% of the bandwidth and the alert will be triggered.* {% endhint %} ### Disconnection alert If the device **does not report** **any logs for more than one hour**, then its status changes to disconnected and the alert is triggered. In addition, when the device reconnects to services, a reconnection alert will be sent. {% hint style="info" %} A disconnection / reconnection alert will always be sent to the technical reseller contacts configured in the Reseller form of the device fleet. **This alert cannot be disabled.** {% endhint %}